Separating the logs

Hello All,

Could someone please help me achieve this task? My requirement is to separate the logs website-wise.

I have many websites configured in my system. Most of the website logs are stored in a file, so I am able to display the logs in Kibana, but as soon as Kibana is opened everyone is able to view all logs. To avoid that, I created users using X-Pack, but I don't know how to restrict user-wise access to website logs.

Ex: Now user A can only see abc.com logs and user B can see xyz.com site logs but not other sites. How can I make this type of restriction in ELK?

Regards
Raja

Is there some kind of identification tag in each log so you can filter?

Hi Mark,

Yes, an identification tag is there. The logs show the site name, like abc.com or xyz.com, in their own site logs.

Regards
Raja

Hi Mark,

I just reviewed the logs and found common identification names; a few of them are below:

Service
application_name
resource

All of the above names are there for all sites.

Regards
Raja

This is going to be your next step - https://www.elastic.co/guide/en/x-pack/current/field-and-document-access-control.html

Hi Mark,

Thanks for your reply. I have gone through the link, but I am confused about where the indices have to be written and also how to define site-based restriction.

If you don't mind, could you please provide some example config so that I can try it and configure accordingly.

Regards
Raja
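
An added example, not part of the original thread: document-level security for the two sites in the question, written as file-based role definitions for X-Pack's `roles.yml`. The role names, the `logstash-*` index pattern, and the choice of `application_name` as the field that holds the site name are assumptions; substitute the real index names and whichever of the fields listed above carries the site.

```yaml
# Added example: file-based role definitions for roles.yml.
# Assumptions (not from the thread): the index pattern 'logstash-*', the role
# names, and that application_name stores the site name as an exact value.

abc_logs_reader:
  indices:
    - names: [ 'logstash-*' ]        # indices this role applies to
      privileges: [ 'read' ]         # search/view only, no write or admin
      # Document-level security: only documents matching this query are
      # visible to users holding the role.
      query: '{"term": {"application_name": "abc.com"}}'

xyz_logs_reader:
  indices:
    - names: [ 'logstash-*' ]
      privileges: [ 'read' ]
      query: '{"term": {"application_name": "xyz.com"}}'
```

Assign `abc_logs_reader` to user A and `xyz_logs_reader` to user B. Roles are additive, so neither user may hold another role that grants `read` on the same indices without a query, and because a `term` query matches exact values the field should be mapped as a keyword (or the query pointed at its keyword sub-field).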
